GNU bug report logs - #43561
[core-updates] GnuTLS 3.6.12 test suite failure

Previous Next

Package: guix;

Reported by: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Date: Tue, 22 Sep 2020 12:36:02 UTC

Severity: normal

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 43561 in the body.
You can then email your comments to 43561 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to bug-guix <at> gnu.org:
bug#43561; Package guix. (Tue, 22 Sep 2020 12:36:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Maxim Cournoyer <maxim.cournoyer <at> gmail.com>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Tue, 22 Sep 2020 12:36:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: bug-guix <bug-guix <at> gnu.org>
Subject: [core-updates] GnuTLS 3.6.12 test suite failure
Date: Tue, 22 Sep 2020 08:36:21 -0400
Tested on core-updates commit d08f5299e62ca8f5f36f4f6ddf3fcd739d157074.

=========================================
   GnuTLS 3.6.12: tests/test-suite.log
=========================================

# TOTAL: 411
# PASS:  393
# SKIP:  17
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0

[...]

FAIL: fastopen.sh
=================

Checking Fast open
Echo Server listening on IPv4 0.0.0.0 port 6169...done
Echo Server listening on IPv6 :: port 6169...done
*** Fatal error: Error in the push function.
Could not connect to 127.0.0.1:6169: Transport endpoint is already connected
Processed 1 CA certificate(s).
Resolving 'localhost:6169'...
Connecting to '127.0.0.1:6169' (TFO)...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
 - subject `CN=GnuTLS Test Server (RSA certificate)', issuer `CN=GnuTLS Test CA', serial 0x4de0b4ca, RSA key 2432 bits, signed using RSA-SHA256, activated `2011-05-28 08:39:39 UTC', expires `2038-10-12 08:39:40 UTC', pin-sha256="ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE="
        Public Key ID:
                sha1:482334530a8931384a5aeacab6d2a6dece1d2b18
                sha256:6429dcdb1f84533b60e9286712fc2d707c6eb325ea2794492cd0832dcfa554d1
        Public Key PIN:
                pin-sha256:ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE=

- Status: The certificate is trusted. 
- Successfully sent 0 certificate(s) to server.
Failure: 1. TLS1.2 handshake should have succeeded!
Exiting via signal 15
FAIL fastopen.sh (exit status: 1)




Information forwarded to bug-guix <at> gnu.org:
bug#43561; Package guix. (Wed, 23 Sep 2020 01:39:02 GMT) Full text and rfc822 format available.

Message #8 received at 43561 <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: 43561 <at> debbugs.gnu.org
Subject: Re: bug#43561: [core-updates] GnuTLS 3.6.12 test suite failure
Date: Tue, 22 Sep 2020 21:39:56 -0400
Maxim Cournoyer <maxim.cournoyer <at> gmail.com> writes:

> Tested on core-updates commit d08f5299e62ca8f5f36f4f6ddf3fcd739d157074.
>
> =========================================
>    GnuTLS 3.6.12: tests/test-suite.log
> =========================================
>
> # TOTAL: 411
> # PASS:  393
> # SKIP:  17
> # XFAIL: 0
> # FAIL:  1
> # XPASS: 0
> # ERROR: 0
>
> [...]
>
> FAIL: fastopen.sh
> =================
>
> Checking Fast open
> Echo Server listening on IPv4 0.0.0.0 port 6169...done
> Echo Server listening on IPv6 :: port 6169...done
> *** Fatal error: Error in the push function.
> Could not connect to 127.0.0.1:6169: Transport endpoint is already connected
> Processed 1 CA certificate(s).
> Resolving 'localhost:6169'...
> Connecting to '127.0.0.1:6169' (TFO)...
> - Certificate type: X.509
> - Got a certificate list of 1 certificates.
> - Certificate[0] info:
>  - subject `CN=GnuTLS Test Server (RSA certificate)', issuer `CN=GnuTLS Test CA', serial 0x4de0b4ca, RSA key 2432 bits, signed using RSA-SHA256, activated `2011-05-28 08:39:39 UTC', expires `2038-10-12 08:39:40 UTC', pin-sha256="ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE="
>         Public Key ID:
>                 sha1:482334530a8931384a5aeacab6d2a6dece1d2b18
>                 sha256:6429dcdb1f84533b60e9286712fc2d707c6eb325ea2794492cd0832dcfa554d1
>         Public Key PIN:
>                 pin-sha256:ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE=
>
> - Status: The certificate is trusted. 
> - Successfully sent 0 certificate(s) to server.
> Failure: 1. TLS1.2 handshake should have succeeded!
> Exiting via signal 15
> FAIL fastopen.sh (exit status: 1)

The same happens using gnutls 3.6.15.

Maxim




Information forwarded to bug-guix <at> gnu.org:
bug#43561; Package guix. (Wed, 23 Sep 2020 07:21:02 GMT) Full text and rfc822 format available.

Message #11 received at 43561 <at> debbugs.gnu.org (full text, mbox):

From: Efraim Flashner <efraim <at> flashner.co.il>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: 43561 <at> debbugs.gnu.org
Subject: Re: bug#43561: [core-updates] GnuTLS 3.6.12 test suite failure
Date: Wed, 23 Sep 2020 10:19:24 +0300
[Message part 1 (text/plain, inline)]
On Tue, Sep 22, 2020 at 08:36:21AM -0400, Maxim Cournoyer wrote:
> Tested on core-updates commit d08f5299e62ca8f5f36f4f6ddf3fcd739d157074.
> 
> =========================================
>    GnuTLS 3.6.12: tests/test-suite.log
> =========================================
> 
> # TOTAL: 411
> # PASS:  393
> # SKIP:  17
> # XFAIL: 0
> # FAIL:  1
> # XPASS: 0
> # ERROR: 0
> 
> [...]
> 
> FAIL: fastopen.sh
> =================
> 
> Checking Fast open
> Echo Server listening on IPv4 0.0.0.0 port 6169...done
> Echo Server listening on IPv6 :: port 6169...done
> *** Fatal error: Error in the push function.
> Could not connect to 127.0.0.1:6169: Transport endpoint is already connected
> Processed 1 CA certificate(s).
> Resolving 'localhost:6169'...
> Connecting to '127.0.0.1:6169' (TFO)...
> - Certificate type: X.509
> - Got a certificate list of 1 certificates.
> - Certificate[0] info:
>  - subject `CN=GnuTLS Test Server (RSA certificate)', issuer `CN=GnuTLS Test CA', serial 0x4de0b4ca, RSA key 2432 bits, signed using RSA-SHA256, activated `2011-05-28 08:39:39 UTC', expires `2038-10-12 08:39:40 UTC', pin-sha256="ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE="
>         Public Key ID:
>                 sha1:482334530a8931384a5aeacab6d2a6dece1d2b18
>                 sha256:6429dcdb1f84533b60e9286712fc2d707c6eb325ea2794492cd0832dcfa554d1
>         Public Key PIN:
>                 pin-sha256:ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE=
> 
> - Status: The certificate is trusted. 
> - Successfully sent 0 certificate(s) to server.
> Failure: 1. TLS1.2 handshake should have succeeded!
> Exiting via signal 15
> FAIL fastopen.sh (exit status: 1)

gnutls-3.6.14 also still fails after upgrading libgcrypt to 1.8.6.

-- 
Efraim Flashner   <efraim <at> flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
[signature.asc (application/pgp-signature, inline)]

Reply sent to Maxim Cournoyer <maxim.cournoyer <at> gmail.com>:
You have taken responsibility. (Thu, 24 Sep 2020 02:48:01 GMT) Full text and rfc822 format available.

Notification sent to Maxim Cournoyer <maxim.cournoyer <at> gmail.com>:
bug acknowledged by developer. (Thu, 24 Sep 2020 02:48:02 GMT) Full text and rfc822 format available.

Message #16 received at 43561-done <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Efraim Flashner <efraim <at> flashner.co.il>
Cc: 43561-done <at> debbugs.gnu.org
Subject: Re: bug#43561: [core-updates] GnuTLS 3.6.12 test suite failure
Date: Wed, 23 Sep 2020 22:48:40 -0400
Hello Efraim!

Efraim Flashner <efraim <at> flashner.co.il> writes:

> On Tue, Sep 22, 2020 at 08:36:21AM -0400, Maxim Cournoyer wrote:
>> Tested on core-updates commit d08f5299e62ca8f5f36f4f6ddf3fcd739d157074.
>> 
>> =========================================
>>    GnuTLS 3.6.12: tests/test-suite.log
>> =========================================
>> 
>> # TOTAL: 411
>> # PASS:  393
>> # SKIP:  17
>> # XFAIL: 0
>> # FAIL:  1
>> # XPASS: 0
>> # ERROR: 0
>> 
>> [...]
>> 
>> FAIL: fastopen.sh
>> =================
>> 
>> Checking Fast open
>> Echo Server listening on IPv4 0.0.0.0 port 6169...done
>> Echo Server listening on IPv6 :: port 6169...done
>> *** Fatal error: Error in the push function.
>> Could not connect to 127.0.0.1:6169: Transport endpoint is already connected
>> Processed 1 CA certificate(s).
>> Resolving 'localhost:6169'...
>> Connecting to '127.0.0.1:6169' (TFO)...
>> - Certificate type: X.509
>> - Got a certificate list of 1 certificates.
>> - Certificate[0] info:
>>  - subject `CN=GnuTLS Test Server (RSA certificate)', issuer `CN=GnuTLS Test CA', serial 0x4de0b4ca, RSA key 2432 bits, signed using RSA-SHA256, activated `2011-05-28 08:39:39 UTC', expires `2038-10-12 08:39:40 UTC', pin-sha256="ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE="
>>         Public Key ID:
>>                 sha1:482334530a8931384a5aeacab6d2a6dece1d2b18
>>                 sha256:6429dcdb1f84533b60e9286712fc2d707c6eb325ea2794492cd0832dcfa554d1
>>         Public Key PIN:
>>                 pin-sha256:ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE=
>> 
>> - Status: The certificate is trusted. 
>> - Successfully sent 0 certificate(s) to server.
>> Failure: 1. TLS1.2 handshake should have succeeded!
>> Exiting via signal 15
>> FAIL fastopen.sh (exit status: 1)
>
> gnutls-3.6.14 also still fails after upgrading libgcrypt to 1.8.6.

This only occurs in the build container... and only on core-updates.

I've filed a bug report upstream (though I doubt they'll be able to
reproduce it, understand what it's caused by, given it seems specific to
networking in our build container):
https://gitlab.com/gnutls/gnutls/-/issues/1095.

And disabled the fastopen.sh test in our package for now.

Thanks for the feedback!

Closing,

Maxim




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Thu, 22 Oct 2020 11:24:05 GMT) Full text and rfc822 format available.

This bug report was last modified 3 years and 157 days ago.

Previous Next


GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.